6
Relaxing Goal Random faults [vN56,DO77,Pip85,...] Bounded number of faults [KLM94,GS95,KLR12] This work: any number of adversarial faults –Allow fault-tolerant circuit to be randomized –Settle for detecting errors w.h.p –Still does not rule out direct tampering with input and output

22
Motivating Observation In “natural” passive-secure MPC protocols for evaluating an arithmetic circuit C, the effect of an active adversary corresponds to an additive attack on C. –Formally: the protocol perfectly realizes an augmented ideal functionality that allows for an additive attack. –Applies to all information-theoretic protocols we know that have maximal security threshold Active security can be achieved by applying passive-secure protocol to AMD circuit C’. Reduces protocol design to circuit design

23
Some Details Need to protect inputs and outputs –Achieved via local AMD encoding of inputs and AMD decoding of outputs Protocols only achieve “security with abort” –Often best possible –With honest majority and broadcast, can be upgraded to full security using standard methods